Italian hackers ‘assist’ DISS, Police spy on you – Wikileaks
Secret email conversations from Wikileaks exposed how the Botswana Police Service and the Directorate of Intelligence and Security Services (DISS) through a local consultant have been in contact with an Italian spyware designing firm to purchase surveillance software that steals data, monitors smartphones, email, online traffic and civilian communication on social media.
The firm, Hacker Team was itself, recently, attacked by other hackers who passed 400GB of its confidential information to Wikileaks in July 2015. Sifting through the data, The Botswana Gazette has established that through a local IT company, African Cyber Risk Institute (ACRI), law enforcement and intelligence agencies sought to purchase the “highly offensive” spy programme known as Galileo Remote Control System. The Sudanese government was issued quotations amounting to US$500 000 for the spy software.
Leaked operational manuals reveal the designer of the programme; Italian David Vicenzentti explaining that it is a “stealth, spyware based system for attacking, infecting and monitoring computers and smartphones which has full intelligence on target users even for encrypted communications (Skype, PGP, secure web mail, etc).”
“Its systems exploit vulnerabilities in desktop and mobile operating systems in order to covertly take control of a target’s computer, and discreetly eavesdrop on web clicks and key strokes. The malware infects a computer’s machine either through physical implantation or an online attack, and if successfully deployed it can intercept the likes of supposedly encrypted Skype chats and browsing history,” explained Vicenzentti.
Information seen in the database from these leaks suggests that the Milan-based Hacking Team sold Galileo to countries with the worst human rights records on the planet such as Sudan, Ethiopia, Oman and Saudi Arabia. The team denie any wrongdoing.
In their secret email communication, the Managing Director of ACRI, Beza Belayneh informed Hacker Team that he was a security advisor in preventing and combating cyber crime and strengthening cyber security through education and consulting and that they had a national law enforcement agency requesting them to assist them eavesdrop on civilian social media communication to fight cyber crime.
“They want to solve a lot of social media crimes in Botswana and want us to recommend solutions to monitor social media abuse,” Belayneh told the Italians.
ACRI is a training and research organization on website testing, malware analysis, social engineering and cyber security.
It requested the cost of the spy firm’s products and “how we can be a reseller in the region, we have a good customer base because we do a lot of education and clients trust us but they ask for a solution.” In this covert conversation, the Hacker Team asked ACRI to sign non-disclosure agreements.
Quizzed on their expression of interest in controversial Internet and phone tapping software from a company that has been accused of selling its surveillance products to repressive governments, ACRI’s Belayneh told The Botswana Gazette that they were not purchasing the spy software for any government agency.
However, to the Hacker team, Belayneh expressed his delight in their surveillance software and praised their “reputation and complexity and capability in regards to Galileo.”
The software has capability to insert data collecting bugs in a person’s computer online and offline. The software brochure highlights to its customers that Galileo Remote Control System is a, “ spyware, a Trojan horse, a bug, a monitoring tool, an attack tool and a tool for taking control of the end points, that is, the personal computers.” It is also stated that no antivirus, antispyware, anti key-loggers can detect the software.
According to ACRI, the Botswana Police was their client for the much sought after spyware. “We request for more information on range of cost and terms of purchasing and deploying including training we wish to supply the government police this product,” said Belayneh.
Quizzed further on this purchase and whether there was a public tendering process, Belayneh said that they did not buy the software and there was no tender.
At pains to explain why his email out rightly stated to the Hacker Team that he was looking to resell in Botswana and provide to law enforcement agencies, particularly the police, Belayneh said that he was lying to them so that the firm could get excited and offer him a demo.
“We did not buy it, we only wanted them to give us a demo and we had to convince them that we can have clients to buy their product here, so we said police, we do it all the time, we have requested and downloaded similar software before. It is standard practice to download sample software,” he claimed that they also provided false information to the hacker company. The Botswana Police could not be reached for comment at press.
Belayneh distanced his company from activities linked to Internet violation of civilian privacy rights citing that he had signed numerous obligations for privacy protection and enhancement of citizen online security. He refused to comment on allegations that state spy organs are often used to eavesdrop on civilians’ conversations and hack into their communication using such spy ware.
“We are also a training institute so we use numerous software to teach and understand how it works. We have even placed a software that detects the Hacker Team’s Galileo called Detekt,” he explained.
Wikileaks’ documents appear to confirm earlier accusations by critics that Hacker Team was dealing with various governments, many of which have questionable human rights records. Reporters Without Borders, a freedom of press and expression movement has listed Hacker Team on its Enemies of the Internet index.
This emerges while government has rolled out a multi billion Pula tender for the Safe City project, said to be a grand plan to put every part of urban Botswana under surveillance, preferably before the General Elections of 2019.
Reports by The Business Weekly & Review indicated that Safe City would entail putting together a surveillance system, with CCTV cameras on most of the major streets of the major areas of the country. While Phase 1 of the project entails renaming some suburbs and streets in Gaborone, the second part would include installation of surveillance systems in the said suburbs, putting up command centres to manage the information.
Put together with, the Galileo software, which can control an individual’s computer and modify hard disk contents, Botswana would have moved into an all-eye-seeing mass surveillance state.